SSH MITM (was Re: Getting certificates)
Eric Murray
ericm at lne.com
Fri Sep 5 10:47:10 PDT 2003
On Thu, Sep 04, 2003 at 10:48:55PM -0700, James A. Donald wrote:
>
> On 4 Sep 2003 at 7:56, Eric Murray wrote:
> > ..which means that it [ssh-- ericm] still requires an OOB authentication.
> > (or blinding typing 'yes' and ignoring the consequences). But
> > that's another subject.
>
> Not true. Think about what would happen if you tried a man in
> the middle attack on an SSH server.
you'd get the victim's session:
http://www.monkey.org/%7Edugsong/dsniff/
Abstract
dsniff is a collection of tools for network auditing and penetration
[..]
sshmitm and webmitm implement active monkey-in-the-middle
attacks against redirected SSH and HTTPS sessions by exploiting weak
bindings in ad-hoc PKI.
also see http://sysadmin.oreilly.com/news/silverman_1200.html for
discussion.
More information about the cypherpunks-legacy
mailing list